Setting Expectations – Recognising the Context
IL7 will take its lead from initial customer engagement and is equipped to undertake assessments that could provide or develop:
Enterprise Risk Management (ERM).
Sectional (departmental) Information Risk Management.
System or Network Information Risk Management.
Project Information Risk Management.
Should IL7 be asked to set up the ERM framework it would be within the customer’s corporate context and seek to have appropriate linkages with the business drivers of the customer organisation. Business risk drivers come from both inside and outside the organisation. They are not inherently information risks or aligned to IT. In figure 3 they are divided into financial, infrastructure, marketplace and reputational. Together they contribute to the risk attitude and policies, on which to implement risk management, and our framework will reflect this.